May 29, 2020
N.Y. cyber security certification of compliance filings due by June 1
All covered entities must certify their cyber security regulation compliance annually with the New York State Department of Financial Services (as required by 23 NYCRR 500). This certification would have to have been filed via the DFS web portal between Jan. 1, 2020, and April 15, 2020, so covered entities can attest to their compliance for the 2019 calendar year. However, this year’s deadline originally was extended to Saturday, May 30, 2020, and was then again extended to Monday, June 1, 2020, for regulated entities and persons who are unable to meet the filing deadline due to the outbreak of COVID-19. This extended deadline applies to all effective sections of the regulation.
The DFS announced that limited exemptions filed in 2019 still are valid. Covered entities do not need to file a new exemption in 2020. If there has been any change in the exemption status, covered entities should amend or terminate their limited exemption.
For more information on the cyber security regulation, check out the cyber security section of PIA’s Privacy Compliance Central tool kit, which contains the DFS’s FAQ and several additional Ask PIA FAQs.